Refactor authentication token for new study-group-based authorization

app/controllers/application_controller.rb

@@ -48,7 +48,15 @@ class ApplicationController < ActionController::Base
 
     if token.expire_at.future?
       token.update(expire_at: Time.zone.now)
-      auto_login(token.user)
+      session[:study_group_id] = token.study_group_id
+
+      # Sorcery Login only works for InternalUsers
+      return auto_login(token.user) if token.user.is_a? InternalUser
+
+      # All external users are logged in "manually"
+      session[:external_user_id] = token.user.id
+      session.delete(:lti_parameters_id)
+      token.user
     end
   end
 

app/controllers/subscriptions_controller.rb

@@ -55,9 +55,10 @@ class SubscriptionsController < ApplicationController
   def subscription_params
     current_user_id = current_user.try(:id)
     current_user_class_name = current_user.try(:class).try(:name)
+    study_group_id = current_user.try(:current_study_group_id)
     if params[:subscription].present?
       params[:subscription].permit(:request_for_comment_id, :subscription_type).merge(user_id: current_user_id,
-        user_type: current_user_class_name, deleted: false)
+        user_type: current_user_class_name, study_group_id: study_group_id, deleted: false)
     end
   end
   private :subscription_params